<div align="Center"> 
<p><b>Lesson Plan Title:</b>CSRF User Prompt By-Pass</p><br/>
 </div>
 
<p><b>Concept / Topic To Teach:</b> </p>
This lesson teaches how to perform CSRF attacks that by-pass user confirmation prompts.
 <br> 
<div align="Left"> 
<p>
<b>How the attacks works:</b>
<p>
Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page 
that contains a 'forged request' to execute commands with the victim's credentials.  Prompting 
a user to confirm or cancel the command might sound like a solution, but can be by-passed if 
the prompt is scriptable.  This lesson shows how to by-pass such a prompt by issuing another 
forged request.  This can also apply to a series of prompts such as a wizard or issuing multiple 
unrelated forged requests.</p> 


</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that
contains multiple malicious requests: the first to transfer funds, and the
second a request to confirm the prompt that the first request triggered.  The
URLs should point to the attack servlet with this CSRF-prompt-by-pass lesson's
Screen, menu parameters and with an extra parameter "transferFunds" having a
numeric value such as "5000" to initiate a transfer and a string value
"CONFIRM" to complete it. You can copy the lesson's parameters from the inset
on the right to create the URLs of the format
"attack?Screen=XXX&amp;menu=YYY&amp;transferFunds=ZZZ".

Whoever receives this email and happens to be authenticated at that time will have his funds transferred. 
When you think the attack is successful, refresh the page and you will find the green check on 
the left hand side menu.<br/>
<!-- Stop Instructions -->

